svchost.exe

Select'Assistance Pro

The executable svchost.exe has been detected as malware by 23 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Sidebar(x34) Build19’. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Microsoft® Windows® Operating System  (signed by Select'Assistance Pro)

Product:
Microsoft® Windows® Operating System

Description:
svchost.exe

Version:
6.2.9200.16420

MD5:
f5ebba823960b69969dc502e807f86dc

SHA-1:
22e8ae786b9b84cf5d2bdc0b0a57f9e03a675b6a

SHA-256:
f6cac6fef5747c78b7204a697b6de5e99f9f206a4c8c29938afa051e5860f1b4

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/24/2024 7:44:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSILPerseus.1806 | 355 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Special.318136 | 8.3.2.4 |
| Arcabit | Trojan.MSILPerseus.D70E | 1.0.0.629 |
| avast! | MSIL:Agent-CHS [Trj] | 2014.9-160214 |
| AVG | MSIL3 | 2017.0.2833 |
| Bitdefender | Gen:Variant.MSILPerseus.1806 | 1.0.20.225 |
| Comodo Security | UnclassifiedMalware | 23796 |
| Emsisoft Anti-Malware | Gen:Variant.MSILPerseus.1806 | 8.16.02.14.04 |
| ESET NOD32 | MSIL/Agent.EI | 10.12747 |
| Fortinet FortiGate | MSIL/Agent.EI!tr | 2/14/2016 |
| F-Secure | Gen:Variant.MSILPerseus.1806 | 11.2016-14-02_1 |
| G Data | Gen:Variant.MSILPerseus.1806 | 16.2.25 |
| IKARUS anti.virus | Trojan.MSIL3 | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18158 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.662 |
| McAfee | Artemis!F5EBBA823960 | 5600.6489 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.MSILPerseus.1806 | 17.0.0.135 |
| Panda Antivirus | Trj/CI.A | 16.02.14.04 |
| Quick Heal | Backdoor.BLA.r4 | 2.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45930 |

File size:
310.7 KB (318,136 bytes)

Product version:
6.2.9200.16420

Copyright:
© Microsoft Corporation. All rights reserved.

Trademarks:
Microsoft Fonction Basic

Original file name:
garcon.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\programme files(x34)build19\svchost.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/3/2014 7:00:00 AM

Valid to:
4/7/2017 7:00:00 PM

Subject:
CN=Select'Assistance Pro, O=Select'Assistance Pro, L=Strasbourg, C=FR

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06CE209477F1AC19A2049BDC5846A831

File PE Metadata
Compilation timestamp:
4/26/2014 1:46:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:+DbWorTo9cGGfLef/9SKkNKo4xYCGKpGWHMb:aTTQ0nNKXYhoGWsb

Entry address:
0x48BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
283.5 KB (290,304 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Sidebar(x34) Build19

Command:
C:\users\{user}\appdata\roaming\programme files(x34)build19\svchost.exe

